CVE-2025-11086

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution

Executive summary

A high-severity privilege escalation vulnerability has been identified in the "Academy LMS" plugin for WordPress. This flaw allows an authenticated, low-privileged attacker to gain administrative access to the affected website. Successful exploitation could result in a complete compromise of the website, leading to data theft, service disruption, and reputational damage.

Vulnerability

The vulnerability is a privilege escalation flaw within the Academy LMS plugin. An authenticated attacker with low-level permissions, such as a 'subscriber', can exploit this weakness by sending a specially crafted request to a vulnerable function within the plugin. Because of improper authorization checks, the plugin fails to validate that the user has the necessary permissions to perform a privileged action, allowing the attacker to elevate their own user role to that of an administrator.

Business impact

This is a high-severity vulnerability with a CVSS score of 8.1. A successful exploit would grant an attacker full administrative control over the WordPress site. The potential business impact is significant and includes the theft of sensitive user data (e.g., student information, payment details), website defacement, installation of malware or backdoors for persistent access, and complete service disruption. Such an incident could lead to severe financial loss, regulatory fines, and lasting damage to the organization's reputation.

Remediation

Immediate Action:

  • Immediately update "The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution" to the latest version released by the vendor, which contains the security patch for this vulnerability.
  • If the plugin is not essential for business operations, consider deactivating and uninstalling it to completely remove the attack surface.
  • Review all user accounts, especially those with administrative privileges, to ensure no unauthorized accounts or privilege changes have occurred.

Proactive Monitoring:

  • Monitor WordPress audit logs for unexpected or unauthorized changes to user roles, particularly any escalation to an 'administrator' role from a low-privilege account.
  • Analyze web server access logs for suspicious POST/GET requests directed at the plugin's endpoints from unusual IP addresses or user agents.
  • Implement file integrity monitoring to detect unauthorized changes to WordPress core files, themes, or plugins, which could indicate a backdoor has been installed.
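The following script is an added detection example written for the two log-based checks above; it is not part of this advisory and not the plugin's code. It scans constructed WordPress audit-log lines (an assumed one-JSON-object-per-line export, not any particular activity-log product's schema) for a low-privilege account becoming administrator or a new administrator account being created, scans constructed Combined Log Format access-log lines for requests to the plugin's dynamic endpoints from scripted clients or untrusted addresses, and pairs the two by source IP and time. The plugin prefix `academy`, the action name `academy_example_action`, the IP addresses and the field names are all assumptions chosen for the example.

```python
"""Detection helper for the monitoring advice above (added example; not part of the
advisory and not the plugin's code). It scans constructed WordPress audit-log and
web-server access-log lines for a low-privilege account becoming administrator and
for requests to the plugin's endpoints, then correlates the two by source IP."""
import json
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

LOW_PRIVILEGE_ROLES = {"subscriber", "contributor", "author"}
PRIVILEGED_ROLES = {"administrator"}
# Assumption: the plugin's admin-ajax actions and plugin directory share this prefix.
PLUGIN_PREFIX = "academy"
SCRIPTED_UA = re.compile(r"python|curl|wget|go-http|libwww", re.I)

# Constructed audit log: one JSON object per line. The field names are an assumed
# export schema, not a specific activity-log product's format.
SAMPLE_AUDIT_LOG = """\
{"ts": "2025-09-20T10:01:12Z", "event": "user_login", "actor": "alice", "target": "alice", "ip": "203.0.113.7"}
{"ts": "2025-09-20T10:02:40Z", "event": "role_changed", "actor": "alice", "target": "alice", "old_role": "subscriber", "new_role": "administrator", "ip": "203.0.113.7"}
{"ts": "2025-09-20T11:15:00Z", "event": "role_changed", "actor": "siteadmin", "target": "bob", "old_role": "subscriber", "new_role": "editor", "ip": "198.51.100.2"}
{"ts": "2025-09-20T12:00:00Z", "event": "user_created", "actor": "alice", "target": "backup_svc", "new_role": "administrator", "ip": "203.0.113.7"}
"""

# Constructed access log in Combined Log Format; the action name is a placeholder.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [20/Sep/2025:10:02:39 +0000] "POST /wp-admin/admin-ajax.php?action=academy_example_action HTTP/1.1" 200 187 "-" "python-requests/2.32"
198.51.100.2 - - [20/Sep/2025:10:05:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 51 "-" "Mozilla/5.0"
198.51.100.2 - - [20/Sep/2025:10:06:30 +0000] "GET /wp-content/plugins/academy/assets/app.js HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
"""

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def find_role_escalations(audit_text):
    """Return audit events in which an account ends up with a privileged role."""
    findings = []
    for line in audit_text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        if e.get("new_role") not in PRIVILEGED_ROLES:
            continue
        if e["event"] == "role_changed" and e.get("old_role") in LOW_PRIVILEGE_ROLES:
            who = "self-promotion" if e["actor"] == e["target"] else "promotion by " + e["actor"]
            reason = f"{e['old_role']} -> {e['new_role']} ({who})"
        elif e["event"] == "user_created":
            reason = f"new {e['new_role']} account created by {e['actor']}"
        else:
            continue
        ts = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        findings.append({"ts": ts, "ip": e.get("ip"), "target": e["target"], "reason": reason})
    return findings


def find_plugin_requests(access_text, trusted_ips=frozenset()):
    """Return requests to the plugin's dynamic endpoints that look scripted or
    come from outside the trusted set (e.g. the site operators' known addresses)."""
    hits = []
    for line in access_text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        action = parse_qs(url.query).get("action", [""])[0]
        touches_plugin = action.startswith(PLUGIN_PREFIX) or f"/wp-content/plugins/{PLUGIN_PREFIX}/" in url.path
        # Static asset loads are normal traffic; only dynamic endpoints are of interest.
        if not touches_plugin or url.path.endswith((".js", ".css", ".png")):
            continue
        if m["ip"] in trusted_ips and not SCRIPTED_UA.search(m["ua"]):
            continue
        hits.append({
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "ip": m["ip"], "method": m["method"], "action": action, "ua": m["ua"],
        })
    return hits


def correlate(escalations, requests, window=timedelta(minutes=5)):
    """Pair each escalation with plugin requests from the same IP shortly before it."""
    paired = []
    for esc in escalations:
        related = [r for r in requests
                   if r["ip"] == esc["ip"] and timedelta(0) <= esc["ts"] - r["ts"] <= window]
        paired.append({**esc, "preceding_plugin_requests": related})
    return paired


if __name__ == "__main__":
    for item in correlate(find_role_escalations(SAMPLE_AUDIT_LOG), find_plugin_requests(SAMPLE_ACCESS_LOG)):
        print(item["ts"].isoformat(), item["target"], item["reason"],
              f"{len(item['preceding_plugin_requests'])} related request(s)")
```

On the sample data the script reports two findings: `alice` promoting herself from subscriber to administrator, with one scripted request to a plugin endpoint from the same address a second earlier, and the later creation of a second administrator account by that same user with no related request in the window. An escalation with a matching request is the pattern worth escalating first; the trusted-IP set only suppresses browser-like traffic from known operators, so a scripted client is flagged even from a trusted address.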

Compensating Controls:

  • If immediate patching is not possible, deploy a Web Application Firewall (WAF) with rules specifically designed to block exploit attempts against this vulnerability.
  • Temporarily disable the plugin until it can be safely updated.
  • Enforce Multi-Factor Authentication (MFA) on all administrative accounts to add a layer of security, making it more difficult for an attacker to use newly acquired privileges.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity (CVSS 8.1) and the critical impact of a successful exploit (full site compromise), immediate action is required. While this vulnerability is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its nature makes it an attractive target for attackers. We strongly recommend that all organizations using the affected "Academy LMS" plugin prioritize the application of the security update without delay to prevent unauthorized administrative access and protect against potential website compromise.